e640be85
Commit
e640be85
authored
May 17, 2016
by
bobbyrullo
Merge pull request #444 from bobbyrullo/fix_375
Revert "Fix response_type missing param"
parents
b29deb73
84784993
Showing
2 changed files
with
42 additions
and
97 deletions
+42
-97
http.go
server/http.go
+42
-74
http_test.go
server/http_test.go
+0
-23
server/http.go
...
@@ -255,7 +255,7 @@ func renderLoginPage(w http.ResponseWriter, r *http.Request, srv OIDCServer, idp
...
@@ -255,7 +255,7 @@ func renderLoginPage(w http.ResponseWriter, r *http.Request, srv OIDCServer, idp
v
:=
r
.
URL
.
Query
()
v
:=
r
.
URL
.
Query
()
v
.
Set
(
"connector_id"
,
idpc
.
ID
())
v
.
Set
(
"connector_id"
,
idpc
.
ID
())
v
.
Set
(
"response_type"
,
q
.
Get
(
"response_type"
)
)
v
.
Set
(
"response_type"
,
"code"
)
link
.
URL
=
httpPathAuth
+
"?"
+
v
.
Encode
()
link
.
URL
=
httpPathAuth
+
"?"
+
v
.
Encode
()
td
.
Links
=
append
(
td
.
Links
,
link
)
td
.
Links
=
append
(
td
.
Links
,
link
)
}
}
...
@@ -273,92 +273,77 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T
...
@@ -273,92 +273,77 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T
}
}
q
:=
r
.
URL
.
Query
()
q
:=
r
.
URL
.
Query
()
register
:=
q
.
Get
(
"register"
)
==
"1"
&&
registrationEnabled
e
:=
q
.
Get
(
"error"
)
if
e
!=
""
{
sessionKey
:=
q
.
Get
(
"state"
)
if
err
:=
srv
.
KillSession
(
sessionKey
);
err
!=
nil
{
log
.
Errorf
(
"Failed killing sessionKey %q: %v"
,
sessionKey
,
err
)
}
renderLoginPage
(
w
,
r
,
srv
,
idpcs
,
register
,
tpl
)
return
}
// Retrieve client id
connectorID
:=
q
.
Get
(
"connector_id"
)
clientid
:=
q
.
Get
(
"client_id"
)
idpc
,
ok
:=
idx
[
connectorID
]
if
!
ok
{
// Retrieve state
renderLoginPage
(
w
,
r
,
srv
,
idpcs
,
register
,
tpl
)
state
:=
q
.
Get
(
"state"
)
// Retrieve response_type
responseType
:=
q
.
Get
(
"response_type"
)
// Retrieve scopes
qscope
:=
strings
.
Fields
(
q
.
Get
(
"scope"
))
// Check client ID param
if
clientid
==
""
{
log
.
Errorf
(
"Invalid auth request: no client_id received"
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
state
)
return
return
}
}
// Check redirect_uri param, but if it's empty we don't return any error here
acr
,
err
:=
oauth2
.
ParseAuthCodeRequest
(
q
)
qru
:=
q
.
Get
(
"redirect_uri"
)
if
err
!=
nil
{
var
rURL
*
url
.
URL
log
.
Errorf
(
"Invalid auth request: %v"
,
err
)
if
qru
!=
""
{
writeAuthError
(
w
,
err
,
acr
.
State
)
ru
,
err
:=
url
.
Parse
(
qru
)
return
if
err
!=
nil
{
log
.
Errorf
(
"Invalid auth request: %v"
,
err
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
state
)
return
}
rURL
=
ru
}
}
cm
,
err
:=
srv
.
ClientMetadata
(
clientid
)
cm
,
err
:=
srv
.
ClientMetadata
(
acr
.
ClientID
)
if
err
!=
nil
{
if
err
!=
nil
{
log
.
Errorf
(
"Failed fetching client %q from repo: %v"
,
clientid
,
err
)
log
.
Errorf
(
"Failed fetching client %q from repo: %v"
,
acr
.
ClientID
,
err
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorServerError
),
s
tate
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorServerError
),
acr
.
S
tate
)
return
return
}
}
if
cm
==
nil
{
if
cm
==
nil
{
log
.
Errorf
(
"Client %q not found"
,
clientid
)
log
.
Errorf
(
"Client %q not found"
,
acr
.
ClientID
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
s
tate
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
acr
.
S
tate
)
return
return
}
}
if
len
(
cm
.
RedirectURIs
)
==
0
{
if
len
(
cm
.
RedirectURIs
)
==
0
{
log
.
Errorf
(
"Client %q has no redirect URLs"
,
clientid
)
log
.
Errorf
(
"Client %q has no redirect URLs"
,
acr
.
ClientID
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorServerError
),
s
tate
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorServerError
),
acr
.
S
tate
)
return
return
}
}
redirectURL
,
err
:=
client
.
ValidRedirectURL
(
r
URL
,
cm
.
RedirectURIs
)
redirectURL
,
err
:=
client
.
ValidRedirectURL
(
acr
.
Redirect
URL
,
cm
.
RedirectURIs
)
if
err
!=
nil
{
if
err
!=
nil
{
switch
err
{
switch
err
{
case
(
client
.
ErrorCantChooseRedirectURL
)
:
case
(
client
.
ErrorCantChooseRedirectURL
)
:
log
.
Errorf
(
"Request must provide redirect URL as client %q has registered many"
,
clientid
)
log
.
Errorf
(
"Request must provide redirect URL as client %q has registered many"
,
acr
.
ClientID
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
s
tate
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
acr
.
S
tate
)
return
return
case
(
client
.
ErrorInvalidRedirectURL
)
:
case
(
client
.
ErrorInvalidRedirectURL
)
:
log
.
Errorf
(
"Request provided unregistered redirect URL: %s"
,
r
URL
)
log
.
Errorf
(
"Request provided unregistered redirect URL: %s"
,
acr
.
Redirect
URL
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
s
tate
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
acr
.
S
tate
)
return
return
case
(
client
.
ErrorNoValidRedirectURLs
)
:
case
(
client
.
ErrorNoValidRedirectURLs
)
:
log
.
Errorf
(
"There are no registered URLs for the requested client: %s"
,
rURL
)
log
.
Errorf
(
"There are no registered URLs for the requested client: %s"
,
acr
.
RedirectURL
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
state
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
acr
.
State
)
return
default
:
log
.
Errorf
(
"Unexpected error checking redirect URL for client %q: %v"
,
clientid
,
err
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorServerError
),
state
)
return
return
}
}
}
}
// Response type check
if
acr
.
ResponseType
!=
oauth2
.
ResponseTypeCode
{
switch
responseType
{
log
.
Errorf
(
"unexpected ResponseType: %v: "
,
acr
.
ResponseType
)
case
"code"
:
// Add more cases as we support more response types
redirectAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorUnsupportedResponseType
),
acr
.
State
,
redirectURL
)
default
:
log
.
Errorf
(
"Invalid auth request: unsupported response_type"
)
redirectAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorUnsupportedResponseType
),
state
,
redirectURL
)
return
return
}
}
// Check scopes.
// Check scopes.
var
scopes
[]
string
var
scopes
[]
string
foundOpenIDScope
:=
false
foundOpenIDScope
:=
false
for
_
,
scope
:=
range
qs
cope
{
for
_
,
scope
:=
range
acr
.
S
cope
{
switch
scope
{
switch
scope
{
case
"openid"
:
case
"openid"
:
foundOpenIDScope
=
true
foundOpenIDScope
=
true
...
@@ -379,33 +364,16 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T
...
@@ -379,33 +364,16 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T
if
!
foundOpenIDScope
{
if
!
foundOpenIDScope
{
log
.
Errorf
(
"Invalid auth request: missing 'openid' in 'scope'"
)
log
.
Errorf
(
"Invalid auth request: missing 'openid' in 'scope'"
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
state
)
writeAuthError
(
w
,
oauth2
.
NewError
(
oauth2
.
ErrorInvalidRequest
),
acr
.
State
)
return
}
register
:=
q
.
Get
(
"register"
)
==
"1"
&&
registrationEnabled
e
:=
q
.
Get
(
"error"
)
if
e
!=
""
{
if
err
:=
srv
.
KillSession
(
state
);
err
!=
nil
{
log
.
Errorf
(
"Failed killing sessionKey %q: %v"
,
state
,
err
)
}
renderLoginPage
(
w
,
r
,
srv
,
idpcs
,
register
,
tpl
)
return
}
connectorID
:=
q
.
Get
(
"connector_id"
)
idpc
,
ok
:=
idx
[
connectorID
]
if
!
ok
{
renderLoginPage
(
w
,
r
,
srv
,
idpcs
,
register
,
tpl
)
return
return
}
}
nonce
:=
q
.
Get
(
"nonce"
)
nonce
:=
q
.
Get
(
"nonce"
)
key
,
err
:=
srv
.
NewSession
(
connectorID
,
clientid
,
state
,
redirectURL
,
nonce
,
register
,
qs
cope
)
key
,
err
:=
srv
.
NewSession
(
connectorID
,
acr
.
ClientID
,
acr
.
State
,
redirectURL
,
nonce
,
register
,
acr
.
S
cope
)
if
err
!=
nil
{
if
err
!=
nil
{
log
.
Errorf
(
"Error creating new session: %v: "
,
err
)
log
.
Errorf
(
"Error creating new session: %v: "
,
err
)
redirectAuthError
(
w
,
err
,
s
tate
,
redirectURL
)
redirectAuthError
(
w
,
err
,
acr
.
S
tate
,
redirectURL
)
return
return
}
}
...
@@ -431,7 +399,7 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T
...
@@ -431,7 +399,7 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T
lu
,
err
:=
idpc
.
LoginURL
(
key
,
p
)
lu
,
err
:=
idpc
.
LoginURL
(
key
,
p
)
if
err
!=
nil
{
if
err
!=
nil
{
log
.
Errorf
(
"Connector.LoginURL failed: %v"
,
err
)
log
.
Errorf
(
"Connector.LoginURL failed: %v"
,
err
)
redirectAuthError
(
w
,
err
,
s
tate
,
redirectURL
)
redirectAuthError
(
w
,
err
,
acr
.
S
tate
,
redirectURL
)
return
return
}
}
...
...
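Review bot: The `error` branch that now sits at the top of the handleAuthFunc hunk (`e := q.Get("error")` … `srv.KillSession(sessionKey)`) kills whichever session the unauthenticated caller names in `state` before any client_id or redirect_uri validation runs, and it neither logs the supplied `error` value nor records a successful kill, so a misbehaving or abused connector callback leaves no trace in the logs. If session keys are unguessable this is only an observability gap, but that property is not visible in this hunk and is worth confirming. I would record the event before tearing the session down, e.g. `log.Errorf("auth request carried error %q for session %q; killing session", e, sessionKey)` (or the logger's info level if it offers one), and skip the KillSession call when `sessionKey == ""`. handleAuthFunc begins before this hunk and continues past it.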
server/http_test.go
...
@@ -175,29 +175,6 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) {
...
@@ -175,29 +175,6 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) {
},
},
wantCode
:
http
.
StatusBadRequest
,
wantCode
:
http
.
StatusBadRequest
,
},
},
// empty response_type
{
query
:
url
.
Values
{
"redirect_uri"
:
[]
string
{
"http://client.example.com/callback"
},
"client_id"
:
[]
string
{
"XXX"
},
"connector_id"
:
[]
string
{
"fake"
},
"scope"
:
[]
string
{
"openid"
},
},
wantCode
:
http
.
StatusFound
,
wantLocation
:
"http://client.example.com/callback?error=unsupported_response_type&state="
,
},
// empty client_id
{
query
:
url
.
Values
{
"response_type"
:
[]
string
{
"code"
},
"redirect_uri"
:
[]
string
{
"http://unrecognized.example.com/callback"
},
"connector_id"
:
[]
string
{
"fake"
},
"scope"
:
[]
string
{
"openid"
},
},
wantCode
:
http
.
StatusBadRequest
,
},
}
}
for
i
,
tt
:=
range
tests
{
for
i
,
tt
:=
range
tests
{
...
...